Defence in depth: Stop spending, start consolidating

Kacy Zurkus | March 15, 2016

How many tools are too many for an efficient defense-in-depth security infrastructure?

Webb said, "It’s important to be realistic about what is possible given the people you have. Also, I recommend that they have a strategy that maximizes the results while minimizing the noise in the way they build their infrastructure. That’s why we are seeing this shift to analytics and machine learning. All of those are the result of the need to find balance in this space of too many things to look at and too little help."

Both Webb and Black recommended that security practitioners shift their thinking in order to build their security strategy in a way that protects from the inside out. "A very successful security team makes it hard to get in but also focuses on quickly getting them out and limiting the damage they can do," said Webb.

The physical network still needs defense, so firewalls and switches need to be in place, but many security professionals are exploring behavior analytics and virtualization technologies in order to understand user behavior and have complete visibility into the extended network.

"You really have to focus on what is the critical stuff," said Webb. Understanding the key sets of information, the confidential and private information, should be the starting point for building a better security strategy.

"Look at whether you really need this product that is monitoring this information. Build outwards based on information and people rather than building inwards. Take a hard look at what the problem we are trying to solve is as opposed to putting tools in to prevent what was a previous security risk," said Webb.

Webb said he often recalls a quote from Bruce Schneier, who said, "Complexity is the enemy of security." The more complex the security infrastructure, the harder it is to defend.